diff --git a/bin/check_last_login.sh b/bin/check_last_login.sh
index 5ee97b0..b624840 100755
--- a/bin/check_last_login.sh
+++ b/bin/check_last_login.sh
@@ -28,7 +28,7 @@
 LOG="${BASE_FOLDER}/../log";
 AUTH_LOG="${BASE_FOLDER}/../auth-log/user_auth.log";
 error=0;
-if [ $(whoami) != "root" ]; then
+if [ "$(whoami)" != "root" ]; then
 echo "Script must be run as root user";
 error=1;
 fi;
@@ -36,11 +36,11 @@ if [ ! -d "${LOG}" ]; then
 echo "log folder ${LOG} not found";
 error=1;
 fi;
-if [ -z $(command -v curl) ]; then
+if [ -z "$(command -v curl)" ]; then
 echo "Missing curl application, aborting";
 error=1;
 fi;
-if [ -z $(command -v jq) ]; then
+if [ -z "$(command -v jq)" ]; then
 echo "Missing jq application, aborting";
 error=1;
 fi;
@@ -89,18 +89,18 @@ if [ "${OUTPUT_TARGET}" = "text" ]; then
 echo "Max age no login : ${max_age_create} days";
 elif [ "${OUTPUT_TARGET}" = "json" ]; then
 echo '"Info": {'
- echo '"AccountId": '${account_id}',';
- echo '"Region": '${region}',';
- echo '"InstanceId": '${instance_id}',';
- echo '"Hostname": "'$(hostname)'",';
- echo '"Date": "'$(date +"%F %T")'",';
+ echo '"AccountId": '"${account_id}"',';
+ echo '"Region": '"${region}"',';
+ echo '"InstanceId": '"${instance_id}"',';
+ echo '"Hostname": "'"$(hostname)"'",';
+ echo '"Date": "'"$(date +"%F %T")"'",';
 echo '"MaxAgeLogin": '${max_age_login}',';
 echo '"WarnAgeLogin": '${warn_age_login}',';
 echo '"MaxAgeCreate": '${max_age_create}'';
 echo '},'
 echo '"Users": ['
 fi;
-for ssh_group in ${ssh_groups[@]}; do
+for ssh_group in "${ssh_groups[@]}"; do
 if [ "${OUTPUT_TARGET}" = "text" ]; then
 echo "--------------------->"
 if [ "${ssh_group}" = "${ssh_reject_group}" ]; then
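Review bot: The root check on the new line still compares the login name from `whoami` rather than the effective uid, so any uid-0 account not literally named `root` is refused even though the privileged steps that follow would work; `if [ "$(id -u)" -ne 0 ]; then` tests what actually matters. The diagnostic on the next line goes to stdout, so if execution continues into the json or csv output targets (not visible in this hunk) it is mixed into the data stream; `echo "Script must be run as root user" >&2` keeps it separate.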
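Review bot: The two dependency checks still inspect the text printed by `command -v` instead of its exit status; `if ! command -v curl >/dev/null 2>&1; then` (and the same for the jq line) is the idiomatic form, drops the subshell-and-empty-string round trip, and reads as a direct question. Both the curl and the jq test in this hunk apply.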
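Review bot: The `Info` block is still built by splicing raw values into JSON literals, so a hostname or status containing a double quote or backslash yields invalid JSON, and `AccountId`, `Region` and `InstanceId` are emitted without surrounding quotes, which produces `"AccountId": ,` when the value is empty (unless they are already JSON-encoded when fetched, which this hunk does not show). jq is a hard requirement of this script, so let it do the encoding: `echo '"Hostname": '"$(hostname | jq -R .)"','` and `echo '"AccountId": '"$(jq -n --arg v "${account_id}" '$v')"','` emit a correctly quoted and escaped string for any input. The same raw-splice pattern is in the per-user JSON at @@ -120, @@ -130 and @@ -275 (Username, SshGroup, Status and the other string fields) and should get the same treatment. The quoting added here is still a real improvement over the old lines, since word-splitting no longer mangles values containing spaces.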
@@ -110,7 +110,7 @@ for ssh_group in ${ssh_groups[@]}; do
 echo "Checking Group : ${ssh_group}";
 fi;
 fi;
- for username in $(cat /etc/group|grep "${ssh_group}:" | cut -d ":" -f 4 | sed -e 's/,/ /g'); do
+ while read -r username; do
 # check that user exists in passwd
 if ! id "${username}" &>/dev/null; then
 out_string="[!] User $username does not exists in /etc/passwd file";
@@ -120,8 +120,8 @@ for ssh_group in ${ssh_groups[@]}; do
 ;;
 json)
 echo "{";
- echo '"Username": "'${username}'",';
- echo '"SshGroup": "'${ssh_group}'",';
+ echo '"Username": "'"${username}"'",';
+ echo '"SshGroup": "'"${ssh_group}"'",';
 echo '"MainGroup": "",';
 echo '"SubGroups": [],';
 echo '"AccountCreatedDate": "",';
@@ -130,10 +130,11 @@ for ssh_group in ${ssh_groups[@]}; do
 echo '"LastLoginAge": "",';
 echo '"LoginSource": "",';
 echo '"NeverLoggedIn": true,';
- echo '"Status": "'${out_string}'"';
+ echo '"Status": "'"${out_string}"'"';
 echo "}";
 ;;
 csv)
+ # shellcheck disable=SC2059
 printf "${CSV_LINE}" "${account_id}" "${region}" "${instance_id}" "$(hostname)" "${username}" "" "${ssh_group}" "" "" "" "" "true" "${out_string}"
 ;;
 esac;
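Review bot: The `while read -r username` loop introduced here consumes whole lines, but its input (the `done <<< ...` line at @@ -275) still runs `sed -e 's/,/ /g'` over the group's member field, so a group with several members yields one line `alice bob carol` and `read` stores that entire line in `username`; `id "alice bob carol"` then fails and every member is reported as missing from /etc/passwd, whereas the old `for` loop word-split them. Feed one member per line, look the group up by exact name so `ssh_group` cannot match another group as a substring, and skip the single empty line an empty member field produces: `done <<< "$(getent group "${ssh_group}" | cut -d ":" -f 4 | tr ',' '\n')";` together with `[ -n "${username}" ] || continue` as the loop's first statement (`grep "^${ssh_group}:" /etc/group` is the minimal local-files-only alternative). `getent` also covers non-file NSS sources, which the `id` call in this hunk already relies on. The loop body continues past the end of this hunk.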
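Review bot: The added `# shellcheck disable=SC2059` silences the warning without recording why it is safe; `CSV_LINE` is defined outside this hunk, so a reader cannot tell whether it is a fixed format string or ever derived from input, and the directive should say so: `# shellcheck disable=SC2059  # CSV_LINE is a fixed format defined at the top; data is passed as arguments`. The values themselves (hostname, username, out_string) are passed through unescaped, so if that format does not quote its fields, a value containing the separator or a newline corrupts the row; that is worth a sentence in the same comment or a check where `CSV_LINE` is defined. The same directive is added at @@ -275.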
@@ -157,17 +158,17 @@ for ssh_group in ${ssh_groups[@]}; do
 sub_groups=$(id -Gn "${username}" | sed -e "s/${main_group}//" | sed -e "s/${ssh_group}//")
 #echo "* Checking user ${username}";
 # check user create time, if we have set it in comment
- user_create_date_string=$(cat /etc/passwd | grep "${username}:" | cut -d ":" -f 5);
+ user_create_date_string=$(grep "${username}:" /etc/passwd | cut -d ":" -f 5);
 # if empty try last password set time
 if ! [[ "${user_create_date_string}" =~ ^\d{4}-\d{2}-\{2} ]]; then
 # user L 11/09/2020 0 99999 7 -1
- user_create_date_string=$(passwd -S ${username} | cut -d " " -f 3);
+ user_create_date_string=$(passwd -S "${username}" | cut -d " " -f 3);
 fi;
 # last try is user home .bash_logout
 if ! [[ "${user_create_date_string}" =~ ^\d{4}-\d{2}-\{2} ]]; then
 # try logout or bash history
- home_dir_bl=$(cat /etc/passwd | grep "${username}:" | cut -d ":" -f 6)"/.bash_logout";
- home_dir_bh=$(cat /etc/passwd | grep "${username}:" | cut -d ":" -f 6)"/.bash_history";
+ home_dir_bl=$(grep "${username}:" /etc/passwd | cut -d ":" -f 6)"/.bash_logout";
+ home_dir_bh=$(grep "${username}:" /etc/passwd | cut -d ":" -f 6)"/.bash_history";
 # check that this file exists
 if [ -f "${home_dir_bl}" ]; then
 user_create_date_string=$(stat -c %Z "${home_dir_bl}");
@@ -184,7 +185,7 @@ for ssh_group in ${ssh_groups[@]}; do
 # users. Use the collect script from systemd-logind or /var/log/secure
 # Username Port From Latest
 # user pts/35 10.110.160.230 Wed Nov 2 09:40:35 +0900 2022
- last_login_string=$(lastlog -u ${username} | sed 1d);
+ last_login_string=$(lastlog -u "${username}" | sed 1d);
 search="Never logged in";
 never_logged_in="false";
 found="";
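Review bot: The passwd lookups moved onto `grep "${username}:" /etc/passwd` are still unanchored, so the pattern matches any line that contains `username:` as a substring — a longer login such as `jbob` when checking `bob`, or text in a GECOS field — and a multiple match leaves `user_create_date_string` and the `home_dir_bl`/`home_dir_bh` paths holding several lines that then feed the file checks and the later date arithmetic. `getent passwd "${username}" | cut -d ":" -f 5` (and `-f 6` for the two home-directory lines) looks the user up by exact name and also covers the non-file NSS sources the `id` call already handles; `grep "^${username}:" /etc/passwd` is the minimal local-files-only fix. Separately, the two `=~ ^\d{4}-\d{2}-\{2}` tests in the context lines use `\d`, which bash's ERE does not support, and `\{2}` looks like a typo for `\d{2}`, so the pattern appears never to match and the fallbacks always run — worth confirming, since it decides which creation date is used. The enclosing per-user loop starts and ends outside this hunk.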
@@ -209,12 +210,12 @@ for ssh_group in ${ssh_groups[@]}; do
 last_login_date_string=$(grep "${username};" "${AUTH_LOG}" | cut -d ";" -f 2);
 last_login_date=$(echo "${last_login_date_string}" | date +"%s" -f -);
 last_login=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${last_login_date} ${day}");
- if [ ${last_login} -gt ${max_age_login} ]; then
+ if [ "${last_login}" -gt ${max_age_login} ]; then
 out_string="[!] Last ssh log in ${last_login} days ago";
 if [ "${ssh_group}" != "${ssh_reject_group}" ]; then
 lock_user=1;
 fi;
- elif [ ${last_login} -gt ${warn_age_login} ]; then
+ elif [ "${last_login}" -gt ${warn_age_login} ]; then
 out_string="WARN [last ssh login ${last_login} days ago]";
 else
 out_string="OK [ssh, ${last_login} days ago]";
@@ -222,19 +223,19 @@ for ssh_group in ${ssh_groups[@]}; do
 login_source="ssh";
 # rewrite to Y-M-D, aka
 last_login_date="${last_login_date_string}"
- elif [ -n "${last_login_string##*$search*}" ]; then
+ elif [ -n "${last_login_string##*"$search"*}" ]; then
 # if we have "** Never logged in**" the user never logged in
 # find \w{3} \w{3} [\s\d]{2} \d{2}:\d{2}:\d{2} \+\d{4} \d{4}
 # awk '{for(i=4;i<=NF;++i)printf $i FS}'
 last_login_date=$(echo "${last_login_string}" | awk '{for(i=4;i<=NF;++i)printf $i FS}' | date +"%s" -f -);
 # date -d "Wed Nov 2 09:40:35 +0900 2022" +%s
 last_login=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${last_login_date} ${day}");
- if [ ${last_login} -gt ${max_age_login} ]; then
+ if [ "${last_login}" -gt ${max_age_login} ]; then
 out_string="[!] Last terminal log in ${last_login} days ago";
 if [ "${ssh_group}" != "${ssh_reject_group}" ]; then
 lock_user=1;
 fi;
- elif [ ${last_login} -gt ${warn_age_login} ]; then
+ elif [ "${last_login}" -gt ${warn_age_login} ]; then
 out_string="WARN [last terminal login ${last_login} days ago]";
 else
 out_string="OK [lastlog, ${last_login} days ago]";
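Review bot: Quoting `${last_login}` on the two comparisons fixes the word-splitting warning but not the failure mode behind it: when the date pipeline two lines above yields nothing, `last_login_date` is empty, the awk fields shift and the division appears to fail, so `last_login` is empty, `[ "" -gt N ]` prints "integer expression expected" and returns false, both branches fall through to the `else`, and the user is reported `OK [ssh,  days ago]` with no lock. Validate before comparing, e.g. `if ! [[ "${last_login}" =~ ^-?[0-9]+$ ]]; then out_string="[?] Could not determine last ssh login"; elif [ "${last_login}" -gt "${max_age_login}" ]; then`, and quote the right-hand operands as well for consistency with the left. The same pattern is at @@ -222 (terminal login) and @@ -242 (`account_age`). The if/elif chain and the user loop around these lines extend beyond this hunk.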
@@ -242,7 +243,7 @@ for ssh_group in ${ssh_groups[@]}; do
 login_source="lastlog";
 last_login_date=$(echo "${last_login_string}" | awk '{for(i=4;i<=NF;++i)printf $i FS}' | date +"%F %T" -f -)
 elif [ -n "${user_create_date}" ]; then
- if [ ${account_age} -gt ${max_age_create} ]; then
+ if [ "${account_age}" -gt ${max_age_create} ]; then
 out_string="[!] Never logged in: account created ${account_age} days ago";
 if [ "${ssh_group}" != "${ssh_reject_group}" ]; then
 lock_user=1;
@@ -275,24 +276,25 @@ for ssh_group in ${ssh_groups[@]}; do
 done;
 sub_groups_string="${sub_groups_string}]";
 echo "{";
- echo '"Username": "'${username}'",';
- echo '"SshGroup": "'${ssh_group}'",';
- echo '"MainGroup": "'${main_group}'",';
- echo '"SubGroups": '${sub_groups_string}',';
- echo '"AccountCreatedDate": "'${user_create_date_out}'",';
- echo '"AccountAge": "'${account_age}'",';
- echo '"LastLoginDate": "'${last_login_date}'",';
- echo '"LastLoginAge": "'${last_login}'",';
- echo '"LoginSource": "'${login_source}'",';
- echo '"NeverLoggedIn": '${never_logged_in}',';
- echo '"Status": "'${out_string}'"';
+ echo '"Username": "'"${username}"'",';
+ echo '"SshGroup": "'"${ssh_group}"'",';
+ echo '"MainGroup": "'"${main_group}"'",';
+ echo '"SubGroups": '"${sub_groups_string}"',';
+ echo '"AccountCreatedDate": "'"${user_create_date_out}"'",';
+ echo '"AccountAge": "'"${account_age}"'",';
+ echo '"LastLoginDate": "'"${last_login_date}"'",';
+ echo '"LastLoginAge": "'"${last_login}"'",';
+ echo '"LoginSource": "'"${login_source}"'",';
+ echo '"NeverLoggedIn": '"${never_logged_in}"',';
+ echo '"Status": "'"${out_string}"'"';
 echo "}";
 ;;
 csv)
+ # shellcheck disable=SC2059
 printf "${CSV_LINE}" "${account_id}" "${region}" "${instance_id}" "$(hostname)" "${username}" "${main_group}" "${ssh_group}" "${user_create_date_out}" "${account_age}" "${last_login_date}" "${last_login}" "${never_logged_in}" "${login_source}" "${out_string}"
 ;;
 esac;
- done;
+ done <<< "$(grep "${ssh_group}:" /etc/group | cut -d ":" -f 4 | sed -e 's/,/ /g')";
 done;
 if [ "${OUTPUT_TARGET}" = "text" ]; then
 if [ -n "${lock_accounts}" ]; then